Giveaway of the Day Forums » Talks

Review Trojan/Virus Reports

(105 posts)

  1. This thread is for those that are concerned that an application or game from GOTD (giveaway of the day) may contain a virus, trojan or various forms of spyware.

    The GOTD Team do scan the giveaways prior to making them available, using multiple tools, and take every precaution to ensure that giveaways are virus, spyware or malware free.

    However, if you find such a problem please reply with:

    1) Which virus scanner you use (or spyware scanner such as Ad-aware, Spybot Search & Destroy).

    2) What the problem is, if your virus scanner calls it a trojan, a virus or spyware

    3) Any further information such as your operating system (XP, 2000, Vista, Windows, ME, 9X etc), any further information you found on the internet using various search engines such as Google or Yahoo.

    Finally, please make sure your scanner signature/database is up to date and current.

    Posted 1 year ago #
  2. triphammer
    Member

    Today's giveaway "Hard Drive Inspector 2.2" is showing as a keylogger from my SpySweeper program from Webroot. And before anybody asks.. Yes... SpySweeper is updated and is the latest version.

    As soon as I run the setup file, Spysweeper quarantines what it says is a keylogger.

    Posted 1 year ago #
  3. Does Spysweeper give the "keylogger" a name?

    It would help me not only to know you are sick - but what the suspected diagnosis was.

    Posted 1 year ago #
  4. tvcpro
    Member

    I had the same thing happen when I installed Hard Drive Inspector. Spy Sweeper quarantines the spykeylogger file.
    This is the info from the Spy Sweeper website about the file.

    Name SpyKeyLogger
    Unique Code SKL03
    Type Commercial System Monitor
    Severity Critical
    Description

    SpyKeyLogger is a monitoring program that secretly tracks all activities of computer users.

    I hope this is useful. BTW I emailed your support group about this earlier today and Alex said not to worry, it was a false positive.

    Posted 1 year ago #
  5. danielmau
    Member

    I have the same thing happening.

    Using Spy Sweeper.

    The spyware is spykeylogger.
    http://research.spysweeper.com/search.php?serialnumber=skl03&lang=en&loc=CAN&category=System%20Monitor&rc=1

    Posted 1 year ago #
  6. Definitely looks like a false positive.

    The autopsy reports on other SpyKeyLogger infected systems - don't bear the same marks as my system after installing HDI. The various files & registry keys that should be there for SpyKeyLogger - are missing.

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090703
    http://www.symantec.com/security_response/writeup.jsp?docid=2005-051219-0928-99&tabid=2
    http://sarc.com/avcenter/venc/data/spyware.spykeylogger.html

    Also Spybot S&D, Adaware, Spyware Terminator, a-squared and AVG AntiSpyware all came up clean.

    Posted 1 year ago #
  7. Yes I agree, it's a false positive.

    I also scanned it with NAV2007 (Norton Antivirus 2007) and SPSD (Spybot Search & Destroy) and nothing to worry about.

    Sometimes I am not saying it out of malice, however sometimes the authors of such programs try too hard and it's a bit of a propaganda slot.

    I found this with spycatcher, it basically disabled my whole system.

    Obviously it's a logger as it monitors your hard disk.

    Posted 1 year ago #
  8. I'm not having a shot at any AntiSpyware program in particular - but sometimes I think that the programs aren't as thorough in checking for an infection as they should be. When doing a scan - if the program shows lots of detections that no other program finds - some people might read this to mean that the program is somehow better because it detected more than its competitors.

    The giveaway is to find a description of what the Malware "should" look like - what files and registry keys should be present - and do a comparison yourself.

    If multiple files and registry keys that form the malware/spyware are missing and on further investigation there seems to be little in common between your system and the internet spyware reports/descriptions - you probably have a false positive on your hands.

    You should always have two or more anti-spyware and anti-virus programs available on your system. If none of the alternate programs can detect any infection, then a false positive looks more likely.

    Below links to plenty of FREE AntiVirus and AntiSpyware scanners/cleaners.

    http://www.freebyte.com/antivirus/
    http://www.thefreecountry.com/security/antivirus.shtml
    http://www.thefreecountry.com/security/spywareremoval.shtml

    When comparing AntiVirus Products - one metric that I personally refer to is VB100 awards.

    How is a VB100 award given - http://www.virusbtn.com/vb100/about/100use.xml
    VB100 Awards - by Vendor. http://www.virusbtn.com/vb100/archive/results.xml?display=vendors
    (The virusbtn links may require a simple free registration - for a login account)

    Posted 1 year ago #
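
The comparison described in posts 6 and 8 above, as an added example that is not part of the original thread: it checks the files and registry keys a vendor write-up lists against a file listing and a `.reg` export taken from the machine. All indicator names, paths and the 0.5 threshold are constructed placeholders and assumptions, not real SpyKeyLogger data.

```python
import re

# Constructed placeholders standing in for a vendor write-up; not real indicators.
WRITEUP_FILES = [
    r"%ProgramFiles%\ExampleLogger\logger.exe",
    r"%ProgramFiles%\ExampleLogger\hook.dll",
    r"%SystemRoot%\system32\exlog.dat",
]
WRITEUP_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleLogger",
    r"HKEY_CURRENT_USER\Software\ExampleLogger\Settings",
]
ENV = {"programfiles": r"C:\Program Files", "systemroot": r"C:\WINDOWS"}

# Constructed inventory of the machine after installing the flagged program:
# a recursive file listing (one path per line) and a .reg export.
FILE_LISTING = r"""C:\Program Files\ExampleDiskTool\disktool.exe
C:\Program Files\ExampleDiskTool\disktool.exe.manifest
C:\WINDOWS\system32\drivers\etc\hosts"""
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleDiskTool]
"Version"="1.0"
"""


def expand(path, env):
    """Expand %VAR% placeholders as write-ups usually give them; unknown ones stay."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def norm(path):
    """Windows paths and registry keys compare case-insensitively."""
    return path.strip().replace("/", "\\").rstrip("\\").lower()


def parse_reg_export(text):
    """Return the key names from [KEY] headers, skipping [-KEY] deletions."""
    keys = set()
    for line in text.splitlines():
        m = re.match(r"^\[(?!-)(.+)\]\s*$", line)
        if m:
            keys.add(norm(m.group(1)))
    return keys


def compare(files, keys, listing, reg_text, env):
    """Count how many write-up indicators are actually present."""
    on_disk = {norm(line) for line in listing.splitlines() if line.strip()}
    exported = parse_reg_export(reg_text)
    results = {f: norm(expand(f, env)) in on_disk for f in files}
    for key in keys:
        k = norm(key)
        # A key counts as present if it or any of its subkeys was exported.
        results[key] = any(e == k or e.startswith(k + "\\") for e in exported)
    missing = [name for name, present in results.items() if not present]
    return {"found": len(results) - len(missing), "total": len(results),
            "missing": missing}


def verdict(report, threshold=0.5):
    """Assumed rule of thumb: most indicators absent suggests a false positive."""
    if report["total"] == 0:
        return "no indicators to compare"
    ratio = report["found"] / report["total"]
    return "consistent with write-up" if ratio >= threshold else "likely false positive"


if __name__ == "__main__":
    report = compare(WRITEUP_FILES, WRITEUP_KEYS, FILE_LISTING, REG_EXPORT, ENV)
    print(report["found"], "of", report["total"], "indicators present:", verdict(report))
    for name in report["missing"]:
        print("  missing:", name)
```
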
  9. 2-SHEDS
    Member

    Before a decent answer was given to triphammer and others with the problem, the giveaway had ended. Are we expected to keep the program on the computer (with the suspected problem) until the moderators in the forum give it an "OK"? I've been following the forums for a while now. The moderators here are volunteers NOT the actual Admins or GOTD staff offering the software. The definitive "False positive" from Lee just because he ran it through Spybot, doesn't make sense. The most he can say is that "Spybot" isn't picking it up as spyware. I also don't understand his comment "Obviously it's a logger as it monitors your hard disk". WHAT?

    I have Spy Sweeper like others here. And Spy Sweeper has never come back with an alert for a keylogger for the previous version of this particular program offered, and hasn't for any other hard drive monitors.

    If I can quote Bubby "I'm not having a shot at any AntiSpyware program in particular - but sometimes I think that the programs aren't as thorough in checking for an infection as they should be." Exactly why I use Webroot's Spy Sweeper Bubby. The other free stuff just isn't as in depth as I'm used to with Spy Sweeper.

    I will go on to say that Spy Sweeper has picked up things that Adaware, Spybot, and AVG Spy, never caught. Spy Sweeper has also removed "root kits" that the others couldn't remove either. So I'm perfectly happy with my Spy Sweeper. I'm not touting Spy Sweeper as the end all to spyware programs. I myself have a couple different anti-spyware programs. I also have Spybot, adaware, and have used AVG Spy. Nothing wrong with them. I use them as a double checking device. But various anti-spyware programs sometimes look for behavior that maybe another anti-spyware program may not be looking for. And sometimes people are looking for that behavior in a program rather than a definitive YES on a "Spyware" program that is definitely spying on your computer. Which is the case with Spy Sweeper. If Spy Sweeper tells me a program is doing something and I can't see a reason for it. I don't install the program. It's what makes me feel secure at my computer. As I'm sure Lee and Bubby feel secure with their protection for their computer.

    And as much as everyone here would like to see everyone in the comment section posting here in the forum instead of in the comment section, I don't think it would happen. There are clearly fewer that come to the forum, and the comment section has more relevant facts pertaining to the download from more people.

    Personally, I would have liked to have seen triphammer's comment in the comment section. There were obviously others getting a spyware alert. If I was going to download something, I would like to see what EVERYONE is getting for problems there in the comments section rather than go looking for other relevant opinions or facts. That doesn't necessarily mean the software is bad. But it may give others a "heads up" as to what problems others are having.

    Besides that, by the time triphammer and others got an answer here in the forum, it was too late for anybody to decide whether they wanted to actually install the program. But if they followed the comment section they would have a broader view of the download issues.

    I understand what you're trying to do here in the forum with this topic. I just don't think you're going to get everyone who comes to the site on board with coming to the forum for certain issues. Even if they do, they don't get an answer 'til it's too late. Personally I'd like to see what ppl have to say without going to several places to find out ALL the issues with installation or functionality. Right now that seems like the comment section.

    Lee's comment yesterday and Bubby's comment today in the comment section isn't going to drag the people here. As is evident by comparing the amount of comments there and here. If you get people to come here in the forum as triphammer did, you'll have to come up with an answer or at least a discussion before the giveaway is up. Because people are having these discussions back and forth in the comment section. Not here.

    It is my hope that the moderators take this post as more constructive than critical. I do believe Bubby's last post was a good answer to the discussion. A little late, but it was a good answer.

    Posted 1 year ago #
  10. This thread was started before the GAOTD period had ended.

    Posted 1 year ago #
  11. 2-SHEDS
    Member

    Yes... but no valid information concerning the problem until after it was too late. People aren't going to monitor the forum 24/7. Any information posted would have to be before the giveaway ended. That kinda information sharing happens in the comment section not here.

    I like what you guys are trying to do. I just don't think it'll ever happen. I'd prefer to have it all in one place here in the forum. But people who aren't part of the forum here would have to register, and I think every day NEW people come to the site and few people even know there's a forum to discuss this stuff. New people aren't going to start looking around and researching every place on the site to download some free software.

    More often than not, I'm sure people just download and rely on their own security software for any potential issues because they rely on the work GOTD has already done to give them issue free software.

    Posted 1 year ago #
  12. Can we not talk about the sheds. This has absolutely nothing to do with the sheds. Let's just stick to talking about your music.

    Having a separate thread for each program is probably a good idea - once I create a new forum section just related to resolving suspected Malware issues.

    Posted 1 year ago #
  13. Stick to topic of the thread!

    Posted 1 year ago #
  14. I hope this is the correct area to ask this ... a friend of mine, who moderates a tech group (over 1,000 members) was told that when one of his members tried to download one of the offers from gaotd that it infected his pc with a virus.
    I have been reading the commentaries for over two months on gaotd and have never seen anyone complain of this happening. Is there some way to assure my friends that this complaint is probably unfounded? Or have you heard of such a thing REALLY happening?
    Thank you for your assistance.
    Ms. Granny Finley

    Posted 1 year ago #
  15. LadyGodiva
    Member

    Granny, if you could email your friend for more information perhaps someone could help.

    Specifically:

    a. Name of the program offered from this site.
    b. Name of the suspected virus, and whether it was in fact a virus, trojan, or spyware.
    c. If it was an actual infection or a security warning from a virus scanner or spyware scanner.
    d. The name and version of the virus and/or spyware scanner used, and when definitions were last updated.
    e. Any further information that may be relevant, such as operating system or other information found on the problem.

    If you cannot get that information, particularly the first three, then perhaps a link to the tech group forum where it may have already been discussed may suffice. To date there has been no confirmed virus, trojan or spyware in any of the programs or games offered by this site but there have been a few false positives.

    Posted 1 year ago #
  16. Thank you Lady G. I looked for where that problem had been discussed, but so many pages, so little time. Did a search with word "virus" but still couldn't find where it had already been laid to rest. That's why I posted so that someone could steer me to the correct page. Thank you again for your assistance.
    San Diego Granny

    Posted 1 year ago #
  17. Hi Granny,

    I'm trying to think of an analogy as to why I doubt this person got a virus from GOTD. I'm not 100% sure of the numbers so I will just make some up (who needs a reason?).

    If 5000 people all purchase the same day's newspaper from the same newsagent in a 24 hour period - is it likely that one person will have a different crossword puzzle to everyone else?

    If 5,000 people download a given file from GOTD over a 24 hour period, and one of those people claims that his/her download had a virus, but nobody else - including the many people who post and read these forums each day - notices anything out of the ordinary....

    Should a real virus or trojan make it to the download website (which is unlikely as they are scanned/checked by 2 different people running 3 different programs) - but let's just say it actually did happen. I would expect within the first 60-90 minutes the comment section and the forums would have multiple posts saying a virus (or whatever) was detected.

    Conservatively I would expect 15 to 20 separate reports inside the first 60 to 90 minutes of the giveaway.

    Now for an entire day to pass, and only one person (mentioning it in passing) to a moderator on another forum - just doesn't seem to fit. Moreover once the software was installed and in use people would continue to get alerts from their antispyware and antivirus software. So the following days I would still expect people to be discovering and reporting the virus.

    So the way I see it, if there was an actual virus inside a giveaway - either it was a very quiet day and maybe only 3 people installed it, or from the hundreds or thousands of people who downloaded and installed it - only one person noticed that anything was wrong - and they are pretty much keeping that secret to themselves.

    Or I could be wrong....

    Posted 1 year ago #
  18. mindnova
    Member

    First off, how many people are running up to date spyware and antivirus programs. Using up to date programs and scanning often is something I can't seem to get across to people around me.

    Before you blame GOTD ask yourself how many freeware sites you have already visited. The old saying "nothing in life is free" people don't seem to apply to software.

    Even GOTD programs I take with a grain of salt, scanning after download and running. GOTD is not freeware, if you need to uninstall and reinstall you're out of luck. But it's a great way to evaluate companies and their software.

    So far I've been impressed and unimpressed by programs offered, but the chance to keep my money in my pockets has been great. All I have to do is keep alert.

    So kudos to GOTD, but keep your anti-spy-virus-whatever up to date and good luck.

    Posted 1 year ago #
  19. Many AntiVirus and AntiSpyware products now handle the updating automatically in the background whenever an internet connection is detected. So in most cases it would actually take a very conscious and deliberate effort to disable updates.

    My expectation is that the technical ability of GOTD users is above average - as it involves the handling of archive files and installation of software - two skills that I believe it is fair to say most computer users do not possess. (The majority of Windows users only understand how to operate software that has already been installed).

    You are correct that GOTD giveaways are not freeware. The software giveaways are commercial software registered with a limited license. Unlike freeware - the license does not allow for reinstallation or giving licensed copies to other people (outside the giveaway period). The purpose of the giveaways presents a marketing opportunity for software companies - and a one off chance to use a single version of a commercial program without any evaluation limitations. The obvious extension of this license requires a purchase from the developer to convert from a restricted license to a full one (permitting upgrades, reinstallation and support).

    Posted 1 year ago #
  20. George
    Member

    Haha bubby, you are so good at debating.
    Anyway "If 5000 people all purchase the same day's newspaper from the same newsagent in a 24 hour period - is it likely that one person will have a different crossword puzzle to everyone else"
    I like that analogy. "you could be wrong"! BUT I'll add on to it.
    IF some evil worker of the newspaper company intentionally put a harmful bacteria in the newspaper ink, not many people will notice either. Maybe only a few scientists might find out with their microscopes that the newspaper contains a harmful payload but most people will be none the wiser, (before they get infected)!

    To be honest, I haven't downloaded that one at all, so I can't prove a thing! BUT with enough people complaining about the same virus, maybe you should start investigating!

    Posted 1 year ago #
  21. George, there is a flaw in your analogy that only a few scientists might notice the infection - but almost all of the people have at least one variant of AntiVirus installed (from a limited range of perhaps 10 to 15 major products). Using your Analogy almost everybody who purchased the "Infected Ink" newspaper would also be a scientist equipped with a microscope. The paper would be checked automatically - because scientists with microscopes are programmed to check every newspaper that they come across for infected ink. Perhaps the scientist may not know what to do when they found out about the ink - but it's a fairly safe bet, they would talk to other scientists (possibly announcing their findings to EVERY other scientist).

    At any rate I would expect several people to notice and report a suspected virus infection. They would also need to tell us which AV product detected the infection (so that it could be confirmed).

    At this point I would expect that not only myself, but other users would conduct their own tests.... at the end of the day - a virus infection on a single file which is being downloaded and executed perhaps thousands of times in a 24 hour period - is unlikely to go "unnoticed".

    If this did occur, I would definitely be surprised. However taking this to the extreme - "What if the bacteria in the ink was soooo new that nobody had EVER seen it before and nobody knew that it was dangerous".

    Then, once people started falling over, foaming at the mouth after licking their ink stained thumb to turn the page - we would probably start to see a common cause and would need to try to contain it. But in this case - if the virus was so new that nothing available knew about it - there really isn't anything you could do about that anyway.

    Someone always has to be the first to come across a new virus. The only possibility to catch a virus in this case is probably via heuristics scanning - which rather than looking for a known fingerprint, watches out for "suspicious virus-like behaviour". Often these may result in false positives - but when you fear the risk of polymorphic viruses that change only slightly between generations to avoid detection from signature comparisons, sometimes using heuristics is the only way to detect this type of threat (perhaps until accurate & tested signature files can be released).

    Posted 1 year ago #
  22. George
    Member

    Thanks for that essay!

    Let's continue the analogy to meet your needs and questions. (This is an analogy only, it did not actually occur, don't be scared: There ain't no deadly viruses in real ink!)

    Many people who purchased the newspaper had microscopes and checked them immediately! Unfortunately, most microscopes couldn't see the infection due to the microbe being too small. Only a few microscopes, which were electron microscopes, with enough magnification power could see this dangerous infection! Therefore, those without the electron microscopes could not notice the dangerous virus! Unlike other viruses, this one would only show symptoms after a long period of time which could be deadly and too late. Only the scientists with electron microscopes knew about the dangerous infection. Some of them decided that everyone else should know about it before it was too late. Hence, they started telling the public about it in forums!

    So Bubby you may be right in it being a dangerous polymorphic virus! This virus could be rare and only one type of virus scanner will detect it! BUT it is not advised to go out and start saying that these guys are definitely lying or wrong! Maybe they are right!

    I'm not saying that GOTD intentionally puts viruses and stuff in Giveaways, I cannot prove that, and I am not planning to waste time doing that! But do not disregard the chance that there might be viruses!

    Posted 1 year ago #
  23. Thanks for your post. I recommend that everyone read newspapers wearing rubber gloves.

    Or even better - never buy a newspaper again. Become a hermit and move to the desert so you don't die from some previously undetected ink (or shaking hands with someone who read a newspaper).

    If you want to actually learn something about the management and containment of security threats and virus outbreaks I suggest you find a professional security and antivirus related forum. Or you might just prefer to find a professional.

    They are gonna just love you.

    Posted 1 year ago #
  24. dynalyte
    Member

    It appears this freeware file is no longer freeware. The download doesn't work and the button links to the developer's page, which says it's 49 pounds.

    http://www.giveawayoftheday.com/freeware/dir/3288/Download-TiNControl.htm

    Posted 1 year ago #
  25. Fluffyntx
    Member

    Today's giveaway "InControl" installs a keylogger along with the software. I uninstalled it and cleaned with spybot then ran spybot again to make sure pc was clean then installed InControl again then retested with Spybot and it installed the keylogger again. I don't trust any company who installs keyloggers or spyware with their software. No thanks.

    Posted 1 year ago #
  26. Wolven
    Member

    Doylesoft Knowledge Base - Installs SpyGraphica.

    Installation on WinXP SP2
    During installation Webroot Spysweeper (fully updated earlier today) alerted me to a critical problem.
    It stopped the installation and quarantined suspect malware.
    Full report at this link.
    http://research.spysweeper.com/search.php?serialnumber=ngfdd&lang=en&loc=AUS&category=System%20Monitor&rc=9238

    Removal Info from Symantec.
    http://www.symantec.com/security_response/writeup.jsp?docid=2004-061915-5134-99&tabid=3

    I realize this is after all software which does track and distribute application data across a network(s), but I am uninstalling the program as I do not want this particular tracker on my machine. Others can make up their own minds.

    Posted 1 year ago #
  27. Doylesoft - false positive. Spyware sweeper is seeing the two filenames ending in ".exe.manifest" (SpyGraphica also has one of these - but a different filename).

    The .exe.manifest file is harmless - open it up in notepad and check for yourself. The software doesn't need it - just delete these two files (they are just text xml files - about as harmful as an ini file).

    The manifest files are generated for setup & deployment - if anyone cares - just google .exe.manifest and read all about them.

    Posted 1 year ago #
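
A scripted version of the "open it up in notepad" check from post 27, as an added example that is not part of the original thread: it confirms that a file named `*.exe.manifest` really is a plain XML application manifest rather than an executable with a misleading name, and lists what it declares. The sample manifest, its names and the renamed-executable bytes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASM_V1 = "urn:schemas-microsoft-com:asm.v1"  # namespace of the <assembly> root

# Constructed sample: a typical side-by-side manifest (the program name is made up).
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86"
                    name="Example.Setup" type="win32"/>
  <description>Example setup program</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls"
                        version="6.0.0.0" processorArchitecture="X86"
                        publicKeyToken="6595b64144ccf1df" language="*"/>
    </dependentAssembly>
  </dependency>
</assembly>
"""
# Constructed sample: first bytes of a Windows executable renamed to *.manifest.
SAMPLE_RENAMED_EXE = b"MZ\x90\x00\x03\x00\x00\x00"


def local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else ""


def inspect_manifest(data):
    """Classify the bytes of a *.manifest file and summarise what it declares."""
    if data[:2] == b"MZ":                      # PE/DOS header: not a text file
        return {"kind": "pe-executable"}
    if b"<!DOCTYPE" in data.upper():           # manifests do not use DTDs
        return {"kind": "rejected-doctype"}
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return {"kind": "not-xml", "error": str(exc)}
    if root.tag != "{%s}assembly" % ASM_V1:
        return {"kind": "xml-not-manifest", "root": root.tag}

    identity = root.find("{%s}assemblyIdentity" % ASM_V1)
    dependencies = [
        child.get("name")
        for dep in root.iter("{%s}dependentAssembly" % ASM_V1)
        for child in dep
        if local(child.tag) == "assemblyIdentity"
    ]
    # requestedExecutionLevel lives in a later asm namespace, so match by local name.
    levels = [e.get("level") for e in root.iter()
              if local(e.tag) == "requestedExecutionLevel"]
    return {
        "kind": "manifest",
        "name": identity.get("name") if identity is not None else None,
        "dependencies": dependencies,
        "execution_levels": levels,
        "elements": sorted({local(e.tag) for e in root.iter()}),
    }


if __name__ == "__main__":
    for label, blob in (("manifest", SAMPLE_MANIFEST), ("renamed exe", SAMPLE_RENAMED_EXE)):
        print(label, "->", inspect_manifest(blob))
```
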
  28. Wolven
    Member

    Thanks BuBBy,

    I had a feeling it was an F/P as no-one else had detected it, but I was way too tired to chance it last night. I had the file in quarantine for a while, but chose to wipe the D/L and install later as no-one was around to answer the call. Not a problem though, as it was a program I was more inquisitive of than actually interested in having. Hope I didn't blow anyone else away from the D/L.

    Thanks again for the info. That's a situation to watch out for in the future with SpySweeper.

    ~W~

    Posted 1 year ago #
  29. TKM
    Member

    Today's giveaway sounds wonderful: Flower's Story.

    I cannot get into it as AntiVir (A very well-known free A-V) goes ballistic with it, saying many files are infected, even some .dat files with the Trojan TR/Crypt.ULPM.Gen.

    Thanks for any help you can give!

    T

    Posted 11 months ago #
  30. xxxxxx
    Member

    Today’s game’s (WWII Tank Commander) downloads are not working.

    Posted 10 months ago #
